Extended wireless device activation

ABSTRACT

Various arrangements for activating a wireless device on a wireless network are presented. A request to attach to the wireless network may be received from the wireless device. The request may specify an international mobile subscriber identity (IMSI). An authentication message may be transmitted to a detection device of the wireless network. The IMSI may be compared to a set of stored blocked IMSIs. Each IMSI of the set of stored blocked IMSIs may be prohibited from being used to access the wireless network. It may be determined that the wireless device may that corresponds to the IMSI is permitted to be attached to the wireless network. In response to determining the wireless device is permitted to attach to the wireless network, authentication of the wireless device may occur.

CROSS-REFERENCES

This application claims priority to U.S. Provisional Patent ApplicationNo. 61/382,324, filed Sep. 13, 2010, entitled “Extended Wireless DeviceActivation,” Atty. Dkt. No. 017349-001300US, U.S. Provisional PatentApplication No. 61/382,311, filed Sep. 13, 2010, entitled “ExtendedOccasional Access to a Wireless Network,” Atty. Dkt. No.017349-001200US, U.S. Provisional Patent Application No. 61/387,101,filed Sep. 28, 2010, entitled “Semi-Permanent Access to a WirelessNetwork,” Atty. Dkt. No. 017349-001400US, and U.S. Provisional PatentApplication No. 61/387,110, filed Sep. 28, 2010, entitled “ControlledOccasional Access to a Wireless Network,” Atty. Dkt. No.017349-001500US, the entire disclosures of which are hereby incorporatedby reference.

This application is a continuation-in-part of U.S. patent applicationSer. No. 12/197,396, filed Aug. 25, 2008 by Lopresti et al., entitled“Wireless Device Activation,” Atty. Dkt. No. 017349-000910US, the entiredisclosure of which is hereby incorporated by reference. U.S. patentapplication Ser. No. 12/197,396 claims the benefit, under 35 U.S.C.§119(e), of the filing date of provisional U.S. Patent Application No.60/992,913, filed Dec. 6, 2007 by Lopresti et al. and entitled “WirelessDevice Activation,” the entire disclosure of which is herebyincorporated by reference.

BACKGROUND

In order to operate on a wireless network, a wireless device (e.g., acellular phone, wireless sensor) generally must be registered on thewireless network. To activate the wireless device on the wirelessnetwork, a wireless provider generally undertakes a practice referred toherein as “activation,” in which the wireless device is identified tothe wireless network using an identifier (such as an internationalmobile subscriber identifier (IMSI) or similar identifying number,which, in many cases, is encoded on a subscriber identity module (SIM)of the wireless device. In a general sense, this process involvescreating a record for the device. In some cases, the record comprisesthe identifying number, as well as an addressing number (e.g., a phonenumber for a wireless phone), such as an international ISDN number(“MSISDN”) or similar number. This record identifies the device to thenetwork and provides information about the capabilities of the device.

When a new wireless device is purchased, the wireless network mustactivate the wireless device before the user can use the wireless deviceon the wireless network. There are, in general, three different ways inwhich a wireless device can be activated.

In the first case, the wireless device is preactivated prior to sale ofthe wireless device to the user. This process may be used mostfrequently for prepaid wireless phones. Under a preactivation scheme,the device has installed therein a SIM card that is assigned anactivated IMSI before the device is sold. This technique, whiletechnically feasible, has several downsides. First, because the IMSI isassigned and activated before the device is sold, there may be anenhanced risk of theft and/or other supply-chain “leakage.” Second, thistechnique may require substantial investment in allocating and/oractivating IMSIs early in the supply chain, resulting in inefficiencies(for example, maintain a relatively large stock of activated IMSIscorresponding to devices that may not be sold or used for some time).Further, if the supply chain involves rebranding the devices, some ofthe allocated and activated IMSIs might never be used. Moreover,preactivation of a SIM card generally requires the assignment of anMSISDN to the SIM (by associating the MSISDN with the IMSI assigned tothe SIM). Given that MSISDNs (and possibly IMSIs) may be relativelyscarce resources, this solution may be less than optimal. Anotherinefficiency may be the allocation of space in databases of a wirelessnetwork with which the wireless device is configured to be used. Forexample, space in a Home Location Register of the wireless network maybe allocated without ever being used.

In the second case, the wireless device is activated at thepoint-of-sale. While this technique may be suitable for applications inwhich the wireless device is sold at a relatively sophisticated reselleror agent of the wireless provider, it is unavailable in many cases(including, for example, in the case of prepaid phones or phones thatare purchased at locations other than dedicated resellers).

The third option is to sell a wireless device in an unactivated stateand require the user to activate the wireless device before use.Because, as noted above, the device is inoperable on the network untilactivation, the wireless device itself may not be able to be used as theactivation vehicle. Hence, the user may have to call the wirelessnetwork provider (using a different phone), visit the wireless networkprovider's website (using a separate computer or some other device),and/or the like. This option may be less than desirable because itimposes an inconvenience on the user, resulting in a competitivedisadvantage for the provider in relation to techniques that do notimpose similar inconveniences on the user.

BRIEF SUMMARY

Various arrangements for activating a wireless device on a wirelessnetwork is presented. In some embodiments, a method for activating awireless device on a wireless network is presented. The method mayinclude receiving an authentication request based on the wireless deviceattempting to attach to the wireless network. The authorization requestmay specify an international mobile subscriber identity (IMSI). Themethod may include comparing the IMSI to a set of stored blocked IMSIs.Each IMSI of the set of stored blocked IMSIs is prohibited from beingused to access the wireless network. The method may include, in responseto the comparison, determining the wireless device that corresponds tothe IMSI is permitted to be attached to the wireless network. The methodmay include, in response to determining the wireless device is permittedto attach to the wireless network, causing authentication of thewireless device.

Embodiments may include one or more of the following: The method mayinclude routing, by the wireless network, the authentication request toa detection device based on the IMSI, wherein the detection device isseparate from an HLR of the wireless network. Causing authentication ofthe wireless device may include performing authentication of thewireless device by the detection device, wherein such authenticationdoes not require communication with an authentication center of thewireless network. Causing authentication of the wireless device mayinclude transmitting an authentication response comprising securityinformation to a mobile switching center of the wireless network,wherein the mobile switching center services the wireless device. Themethod may include identifying a second IMSI corresponding to a secondwireless device that has violated at least a rule of a set of rules. Themethod may include in response to identifying the second IMSIcorresponding to the second wireless device that has violated at leastthe rule of the set of rules, adding the second IMSI to the set ofstored blocked IMSIs. The rule may define a limit on a number ofsignaling messages permissible to be received from wireless devices. Themethod may include receiving a command from an administrator, to add asecond IMSI to the set of stored blocked IMSIs. The method may includein response to receiving the command, adding the second IMSI to the setof stored blocked IMSIs. The method may include transmittingprovisioning information corresponding to the wireless device to aplurality of AUCs of the wireless network. The method may includereceiving a response from at least one of the plurality of AUCs. Causingauthentication of the wireless device may include selecting an AUC fromthe plurality of AUCs of the wireless network to receive authenticationinformation corresponding to the wireless device based on a responsetime of the response of the AUC to the transmitted provisioninginformation. Causing authentication of the wireless device may includetransmitting the authentication information corresponding to thewireless device to the selected AUC. The method may include assigning atemporary mobile subscriber integrated services digital network number(MSISDN) to the wireless device that corresponds to the IMSI, whereinthe IMSI is a temporary IMSI. The method may include assigning anon-temporary MSISDN and a non-temporary IMSI to the wireless device.The method may include after assigning the non-temporary MSISDN and thenon-temporary IMSI to the wireless device, transmitting a first messageto a home location register (HLR) of the wireless network. The firstmessage may be for delivery to the wireless device. The method mayinclude receiving a message from the HLR indicating that the wirelessdevice is available to receive the message.

In some embodiments, a detection device for activating a wireless deviceon a wireless network is presented. The detection device may include aprocessor. The detection device may include a memory communicativelycoupled with and readable by the processor and having stored thereinprocessor-readable instructions. When executed, the instructions maycause the processor to receive a request from the wireless network forauthentication of the wireless device. The request may specify aninternational mobile subscriber identity (IMSI) corresponding to thewireless device. When executed, the instructions may cause the processorto compare the IMSI to a set of stored blocked IMSIs. Each IMSI of theset of stored blocked IMSIs may be prohibited from being used to accessthe wireless network. When executed, the instructions may cause theprocessor to, in response to the comparison, determine the wirelessdevice that corresponds to the IMSI is permitted to be attached to thewireless network. When executed, the instructions may cause theprocessor to, in response to determining the wireless device ispermitted to attach to the wireless network, cause the wireless deviceto be authenticated.

In some embodiments, a detection apparatus for activating a wirelessdevice on a wireless network is presented. The detection apparatus mayinclude means for receiving a request from the wireless network forauthentication of the wireless device. The request may specify aninternational mobile subscriber identity (IMSI) corresponding to thewireless device. The detection apparatus may include means for comparingthe IMSI to a set of stored blocked IMSIs. Each IMSI of the set ofstored blocked IMSIs may be prohibited from being used to access thewireless network. The detection apparatus may include means fordetermining, in response to the comparison, the wireless device thatcorresponds to the IMSI is permitted to be attached to the wirelessnetwork. The detection apparatus may include means for causing thewireless device to be authenticated in response to determining thewireless device is permitted to attach to the wireless network.

BRIEF DESCRIPTION OF THE DRAWINGS

A further understanding of the nature and advantages of variousembodiments may be realized by reference to the following figures. Inthe appended figures, similar components or features may have the samereference label. Further, various components of the same type may bedistinguished by following the reference label by a dash and a secondlabel that distinguishes among the similar components. If only the firstreference label is used in the specification, the description isapplicable to any one of the similar components having the same firstreference label irrespective of the second reference label.

FIG. 1 illustrates an embodiment of a wireless device in communicationwith a wireless network.

FIG. 2 illustrates an embodiment of a wireless network configured toactivate a wireless device.

FIG. 3 illustrates an embodiment of a relationship between a deviceactivation provider and a supply chain, in accordance with variousembodiments of the invention.

FIG. 4 illustrates an embodiment of a method for activating a wirelessdevice.

FIG. 5 illustrates another embodiment of a method for activating thewireless device.

FIG. 6 illustrates an embodiment of a method of configuring a wirelessnetwork to support wireless device activation.

FIG. 7 illustrates an embodiment of a method for modifying an IMSIblacklist.

FIG. 8 illustrates an embodiment of a method for confirming that awireless device has been activated properly.

FIG. 9 illustrates an embodiment of a computer system.

DETAILED DESCRIPTION

Arrangements described herein allow a wireless device to act as thevehicle for its own activation in a wireless network. As used herein,the term “wireless device” is used to mean any type of device thatoperates by access to a wireless network and requires activation to beoperable. Such devices include wireless phones, as well as connectedpersonal digital assistants, portable email devices, and/or the like. Inone aspect, such devices may operate on what is sometimes referred to asa “wide area cellular” network, including without limitation a GlobalSystem for Mobile telecommunications (“GSM”) network, a code divisionmultiple access (“CDMA”) network, and/or networks operating inaccordance with any derivatives thereof (such as General Packet RadioService (“GPRS”), Enhanced Data rates for GSM Evolution (“EDGE”),CDMA2000, Universal Mobile Telecommunications Standard (“UMTS”), CodeWideband-CDMA (“W-CDMA”), High Speed Packet Access (“HPSA”), andEvolution-Data Optimized (“EVDO”) technologies, among others).

SIM cards may be provided having stored thereon temporary IMSIs. TheseSIM cards may be sold with a wireless device. These temporary IMSIs maybe within a range of IMSIs reserved for use by a detection device. Insome embodiments, when a wireless network receives a message requestingto attach to the wireless network (a “registration message”) from awireless device assigned a temporary IMSI number, it may forward thismessage to a detection device (which may be part of the wireless networkor may be operated by a third-party), which selects a temporary MSISDNnumber for the IMSI.

The detection device may permit or block activation of a wireless devicebased on the IMSI of the wireless device's SIM card. If the IMSI of thewireless device (that is, the IMSI of the SIM card of the wirelessdevice) is listed in a blacklist that is accessible to the detectiondevice, activation of the wireless device associated with the IMSI maybe blocked. Such a blacklist may be maintained manually and/orautomatically. An administrator may add and/or remove IMSIs to and fromthe blacklist. IMSIs may automatically be added to (and/or removed from)the blacklist based on one or more predefined rules. For example, if awireless device associated with an IMSI attempts to transmit above athreshold number of messages within a period of time, the IMSI may beadded to the blacklist.

The detection device, in accordance with some embodiments, may providesufficient signaling support to allow the wireless network to registerand manage the wireless device without causing an error to be displayedto the user of the wireless device, thereby possibly resulting in a moresatisfying activation experience for the user. The detection device,upon receiving a registration message may be configured to compare theIMSI of the wireless device with a blacklist of IMSIs. If the IMSI ofthe wireless device is listed on the blacklist, activation may beblocked. If not, activation may be permitted to be attempted. In someembodiments, authentication may be conducted by the detection devicewithout accessing an AUC. In some embodiments, during activation, ratherthan having a single AUC provisioned, two or more AUCs may beprovisioned. The first AUC to complete the provisioning process may betransmitted authentication information linked with a wireless devicebeing activated. By provisioning multiple AUCs, the latency duringactivation may be decreased because only one AUC may need to respond tothe provisioning request and receive the authorization information.

A profile for the wireless device may be provided by the detectiondevice to the wireless network (and/or more particularly, theappropriate equipment, such as a visitor location register (VLR) and/orvisited mobile switching center (MSC)). This profile, which contains thetemporary MSISDN number, provides the wireless device with sufficientaccess to the wireless network to complete the activation process. AnMSISDN may refer to a dialable number that a caller may dial tocommunicate with a wireless device.

The detection device may be configured to notify an activation systemthat a wireless device with a temporary IMSI has registered with thenetwork. The activation system, then, may assign a non-temporary MSISDNto the wireless device (based, perhaps, on an interaction between theuser and the activation system) and/or may assign a non-temporary IMSInumber to the SIM card in the wireless device. The activation system mayalso create, in the wireless network (e.g., home location registers,authentication centers, etc.) appropriate records comprising thenon-temporary MSISDN and IMSI number. The temporary MSISDN then may bereturned to the pool for re-use by the detection device in anotheractivation procedure.

At the conclusion of activation, once the wireless device has beenassigned a non-temporary (e.g., permanent) MSISDN and non-temporary(e.g., permanent) IMSI, the detection device may not automaticallyreceive an indication of whether the activation process completedproperly. For example, once the wireless device has received thenon-temporary IMSI and the non-temporary MSISDN, the wireless device mayreattach to the wireless network using the non-temporary IMSI andrequests to the wireless network involving the wireless device may nolonger be routed to the detection device (because the wireless device'sIMSI is non-temporary). As such, in order to confirm that activation hasoccurred properly, a message, such as an SMS text message, may beregistered for delivery to the wireless device by the detection devicewith an HLR. If the HLR responds to the detection device with a messageindicating that the non-temporary MSISDN is available for receiving(SMS) messages, the detection device may determine that activation hasbeen successful.

While the following systems and methods discuss the use of IMSIs, itshould be understood that similar systems and method may be used withsome other form of identifier and the description of IMSIs should not beinterpreted as limiting.

FIG. 1 illustrates an embodiment 100 of a wireless device 105 incommunication with a wireless network 110. Wireless network 110 mayinclude a signaling system 7 (“SS7”) network. In also may be possiblefor wireless network 110 to include one or more of a wirelessintelligent network (“WIN”), a public switched telephone network(“PSTN”), and/or a data network (such as an Internet Protocol network,which can include the Internet, an Intranet, and/or the like). Inembodiment 100 of FIG. 1, wireless network 110 comprises (and/orprovides communication between) base station 115, base stationcontroller (BSC) 120, a mobile switching center (MSC) 125, a homelocation register (HLR) 130, and an authentication center (AUC) 135. Oneskilled in the art will appreciate that wireless network 110 may includeother components, such as a switching service point, intelligentperipheral, etc., and/or or that wireless network 110 often willcomprise multiple base stations, base station controllers, mobileswitching centers, home location registers and/or authenticationcenters. Likewise, it is possible that two or more of these componentsmight be integrated in a single device.

Generally, wireless device 105 has associated therewith anidentification number. The identification number may be specific to awireless device or a SIM card of the wireless device. As such, theidentification number, which may be an IMSI, may not be the same asanother IMSI of another wireless device 105 configured to attach towireless network 110. The IMSI may identify wireless device 105 to thenetwork, and/or an addressing number (which may be, but need notnecessarily be, an MSISDN), which may be used by wireless network 110 toaddress wireless device 105 when communicating with wireless device 105.

In normal operation, when an activated wireless device 105 registerswith wireless network 110 (e.g., wireless device 105 is powered on,enters the service area, etc.), it sends a message, which is received atthe base station controller 120 (usually via the base station 115). Themessage generally will include the IMSI of the SIM card of wirelessdevice 105, either explicitly or implicitly (e.g., the base stationcontroller 120 will be able to ascertain the identification number andassociate it with the message, if necessary). (For simplicity, thisphrase may be abbreviated to “the IMSI of wireless device 105,” whichshould be interpreted to include the IMSI of the SIM card of a wirelessdevice.) The MSC 125 (or some other component of wireless network 110)thus identifies the identification number of the wireless device 105 andqueries the HLR 130, which returns to the MSC 125 data about thewireless device 105. (While this document, for ease of description,refers to communications between the MSC 125 and other devices, oneskilled in the art will appreciate that, in practice, it is often eithera visitor location register (“VLR”), which, in many cases, is collocatedwith the MSC 125, the MSC 125 itself and/or some combination thereof,that participates in such communications. Hence, this document sometimesrefers to the MSC and VLR collectively, and references herein tooperations involving the MSC 125 should be considered to includeoperations that might involve a VLR as well.) Such data can include theaddressing number of wireless device 105, as well as the capabilities ofwireless device 105.

Typically, a security key is used to secure communications betweenwireless device 105 and the wireless network 110. This security key(often implemented as a set of data “triplets” comprising a signedresponse, session key and a random number) is generated by theauthentication center 135, based on a shared secret stored in thewireless device (often referred to as Ki) and in a record in theauthentication center 135. In a typical implementation, the HLR 130forwards the query (or at least the wireless device's identificationnumber) to the authentication center 135 as well. The authenticationcenter 135 correlates the wireless device's identification number withthe shared secret, such that when provided the identification number,the authentication center 135 can generate the security key based on theshared secret for that wireless device and return it to the MSC 125,which can use that data to authenticate the wireless device 105.

Once the MSC 125 has obtained the data from the HLR 130 andauthenticated wireless device 105 based on the security key, wirelessdevice 105 is operable on wireless network 110. In this typicalimplementation, however, the activation process populates HLR 130 andauthentication center 135 with data about wireless device 105, includingthe identification number and shared secret. Hence, if wireless device105 has not been activated, neither HLR 130 nor authentication center135 may contain records corresponding to the identification number ofwireless device 105, thereby preventing wireless device 105 fromregistering with wireless network 110 and thus rendering wireless device105 at least partially inoperable on wireless network 110.

FIG. 2 illustrates an embodiment 200 of a wireless network 210configured to activate wireless device 205. Embodiment 200 is similar toembodiment 100 of FIG. 1, and it may operate in similar fashion oncewireless device 205 has been activated. Embodiment 200, however, isconfigured to allow wireless device 205 to perform its own activation.In accordance with a set of embodiments, in addition to base station215, BSC 220, MSC/VLR 225, HLR 230 and AUC 135, embodiment 200 includesa detection device 240 and an activation system 245. Detection device240 can be a device and/or computer system that is configured to performfunctions ascribed herein to a detection device. In some cases,detection device 240 may be implemented by a modified HLR; in othercases, detection device 240 may perform only detection services.Activation system 245 can be any computer system and/or device thatcomprises the necessary configuration and/or software to perform thefunctions described below to activate the wireless device 205 throughwireless network 210. In some embodiments, activation system 245 is asingle computer; in other embodiments, it may be a group of computersthat collectively provide the functionality described herein.

In the illustrated embodiment, detection device 240 resides withinwireless network 210, while the activation system 245 is outsidewireless network 210, although activation system 245 is in communication(either directly or indirectly) with detection device 240, as well asthe HLR 230, AUC 235 and/or MSC/VLR 225. (In various other arrangements,detection device 240 and/or activation system 245 may be either insideor outside wireless network 210 and/or may be in communication, eitherthrough wireless network 210 or otherwise, with various components ofthe network.)

A mode of operation of embodiment 200, and, in particular, detectiondevice 240 and activation system 245, is described in detail below. In ageneral sense, however, a set of embodiments provides a detection devicethat is configured to act as a “quasi-HLR.” In other words, thedetection device (which is not an HLR 130 and generally does not performthe functions of an HLR 130), is configured to be seen by wirelessnetwork 210—and, in particular the MSC 225—as the HLR for an unactivatedwireless device 205. Hence, when unactivated wireless device 205attempts to register with wireless network 210, MSC/VLR 225 queriesdetection device 240, rather than HLR 230, for data about wirelessdevice 205. MSC/VLR 225 may query detection device 240 instead of HLR230 based on a temporary IMSI of wireless device 205. For example, IMSIsin a particular range may be configured for routing to detection device240. Detection device 240, in turn, may contact activation system 245,which is responsible for assigning an addressing number to wirelessdevice 205 and, in some cases, assigning a new, non-temporary (e.g.,permanent) identification number (e.g., IMSI) to the SIM in wirelessdevice 205. (In which case, the original, temporary identificationnumber may be reused on a different unactivated SIM in the future.) Inan aspect, activation system 245 may be responsible for updatingwireless network 210 to complete activation of wireless device 205, asdescribed in further detail below.

In some embodiments, such activation techniques form the basis for amethod of manufacturing and/or distributing SIMs (or just IMSIs) moreefficiently, and/or to monetize the number selection process. FIG. 3illustrates an embodiment 300 of a relationship between activationsystem 245 and a supply chain (which might also be considered a saleschannel) 305. Supply chain 305 may involve various numbers of entities;as illustrated, supply chain 305 includes SIM manufacturing process 310,wireless provider 320, distributor 325, and retailer 330. A retailer canbe any of a variety of entities, with a variety of relationships to awireless provider 320. For example, in some cases, retailer 330 might bea value-added reseller of wireless devices, while in other cases,retailer 330 might be a big-box electronic store. In some cases, theretailer might be a general merchandise retailer (such as a grocerystore, convenience store, kiosk, etc.). Unlike some traditionalactivation techniques, embodiments of the invention can support retailsales through virtually any type of retailer.

In various embodiments, supply chain 305 may contain none, one, or moreof each of these types of entities. For example, in a case in whichactivation system 245 is operated by the wireless provider (i.e., thewireless telephone company will provide service for the wireless deviceonce activated), the wireless provider might not be considered part ofthe supply chain. As another example, if the wireless devices/SIMs arerebranded before sale to the end user, there may be multiple wirelessproviders 320 in the supply chain. (It should be noted as well that anytwo or more of these entities may be consolidated; for example, wirelessprovider 320 may also act as distributor 325 and/or retailer 330 ofwireless devices.)

In the illustrated embodiment, SIM manufacturer 310 is at the beginningof the supply chain (although the activation provider might actually beconsidered the beginning of the supply chain). SIM manufacturer 310 isresponsible for manufacturing SIMs and/or, more precisely, for encodingthe SIMS with identification numbers provided by activation system 245.

The SIMs then can be provided to wireless provider 320, whichdistributes them to distributor(s) 325 (and/or directly to retailer(s)330), either installed in wireless devices or as standalone componentsto be installed later into wireless devices. Retailer 330, afterreceiving a SIM/wireless device, sells the wireless device to a user,who can then activate the wireless device as described herein.

As noted above, activation system 245 (which might be operated by anactivation provider, who may be a standalone entity and/or one of theother entities within the supply chain 305, such as the wirelessprovider 320 and/or SIM manufacturer 310) may be configured to be incommunication with one or more other entities in the supply chain. In anaspect, activation system 245 might be in communication with theseentities through conventional computer communications (such as by way ofa business application, such as a supply chain management application,via specialized software, via a specified data exchange format, such asXML, via human communication, etc.).

Activation system 245, in an aspect, interacts with the SIMmanufacturing process to provide a pool of known identification numbers(e.g., IMSI numbers) that can be encoded onto SIMs as temporaryidentification numbers of unactivated SIMs. SIM manufacturer 310 canthen produce SIMs, in conventional fashion, encoded with identificationnumbers from this pool.

Activation system 245 may also interact with the wireless provider (inaddition to interacting with the provider's wireless network to activatewireless devices, as described elsewhere herein) to provide statusinformation about the activation process, for example, by notifyingwireless provider 320 of the wireless network of the status ofSIMs/identification numbers. Activation system 245 may interact as wellwith distributors 325 and/or retailers 330 to provide such information,to obtain information about sales of SIMs (and/or devices comprising theSIMs), particularly SIMs having temporary identification numbers.

Activation system 245 (and/or another computer in communicationtherewith) may track the progress of the SIM through the supplychain/sales channel, either to maintain information about the status ofthe IMSIs and to prevent supply chain leakage, and/or to identify anentity responsible for the IMSI. For example, if an IMSI is used in arebranded wireless device, it can be useful to know the provider of therebranded service, as there may be a need to apportion fees and/oraccount for transaction costs associated with the sale of the wirelessdevice. In one aspect, activation system 245 (and/or an associatedcomputer) may receive status updates when the status of an IMSI changes,including, for example, when a SIM is encoded with the IMSI, when theSIM is installed in a device, when the device is provided to adistributor 325 and/or retailer 330, when the device is purchased by anend user, etc. Such updates may be provided by the entity responsiblefor the status of the IMSI at that time and/or may be propagated up thesupply chain to the activation system (or associated computer). Standardsupply chain and/or sales channel management techniques, communicationstechniques, and/or software may be used to communicate such information.

In another aspect, activation system 245 (and/or another aspect of theactivation provider) may interact with entities in the supply chain totransfer payments in relation to the activation process. In someembodiments, for example, the activation provider may receive paymentfrom wireless provider 320 (and/or any of the other entities) forproviding activation services. In other embodiments, the activationprovider may also make payments to any of these entities, and/or maynotify the entities of such payments, amounts owing, etc., viaactivation system 245 and/or another system in communication therewith.Merely by way of example, as described below, in some cases, a user willbe charged a fee for the ability to have input into the selection. Thatfee may be charged by the activation provider, and/or a portion of thefee may be allocated to SIM manufacturer 310, wireless provider 320,distributor(s) 325, and/or retailer(s) 330. Payment of these portions ofthe fees, and/or accounting therefor, may be performed by activationsystem 245 (and/or another computer in communication therewith). Inother cases, the fee may be charged by wireless provider 320 (or anotherentity) directly, for example, by adding the fee to the user's invoicefor wireless service. In such cases, activation system 245 might notifythat entity of the type of input (as described below, for example)provided by the user in selecting the number (e.g., MSISDN) for thewireless device, so that wireless provider 320 (or other entity) canproperly bill the user. Some of that fee might be allocated to theactivation provider as well.

FIG. 4 illustrates an embodiment of a method 400 for activating awireless device using a detection device. Method 400 may be performedusing wireless network 210 of FIG. 2. Method 400 may also be performedby some other wireless network that has, or is in communication with, adetection device, such as detection device 240 of FIG. 2. Each step ofmethod 400 may be performed by such a detection device, which maycomprise one or more computer systems, such as computer system 900 ofFIG. 9. The detection device may be part of the wireless network or maybe in communication with the wireless network but operated by athird-party. Means to perform method 400 may include one or morecomputerized devices, such as the components of the previously detailedsystems.

At step 405, a detection device may receive an authentication request.The authentication request may be in the form of a “send authenticationinformation” message received from an MSC (and/or VLR) that services thewireless device. The authentication request may result from a wirelessdevice initially attempting to attach to a wireless network, such aswireless network 210 of FIG. 2. The authentication request may be routedto the detection device based on the IMSI of the wireless device. ThisIMSI may be a temporary IMSI. All requests from wireless devicesassociated with such temporary IMSIs may be routed by the wirelessnetwork to the detection device. For example, a range of IMSIs may berouted by the wireless network to the detection device. Theauthentication request may contain the IMSI of the wireless deviceattempting to attach to the wireless network.

At step 410, the IMSI received as part of the authentication request atstep 405 may be compared to a blacklist of IMSIs. Such a blacklist maylist one or more IMSIs that are prohibited from being activated for useon the wireless network. As an example, IMSIs of wireless devices thatare known to be stolen may be added to the blacklist. The creation andmodification of such a blacklist is described in detail in reference tomethod 700 of FIG. 7.

If the IMSI received as part of the authentication request matches anIMSI listed in the blacklist, method 400 may proceed to step 415. Atstep 415, authentication, and thus activation of the wireless device,may be blocked by the detection device. As such, the wireless device maynot be activated for one or more uses on the wireless network. Thedetection device may return one or more messages to the MSC/VLR thatindicates that authentication of the wireless device associated with theIMSI is prohibited. The detection device returning such messages to theMSC/VLR may not require any interaction with an AUC and/or an HLR todeny authentication.

If the IMSI received as part of the authentication request does notmatch an IMSI listed in the blacklist, method 400 may proceed to step420. By the IMSI received as part of the authentication request at step405 not being present on the blacklist, it may be determined that thewireless device associated with the IMSI (or the SIM associated with theIMSI) is eligible for activation. While at step 410 the IMSI received aspart of the authentication request is compared to a blacklist of IMSIs,it should be understood that a similar comparison may be conducted to awhitelist of IMSIs. In such a comparison, activation of the IMSIreceived as part of the authentication request at step 405 may only bepermitted if the received IMSI is listed on the whitelist. Activationmay be blocked if the IMSI is not listed on the whitelist.

At step 420, authentication of the IMSI received by the detection deviceat step 405 may be performed by the detection device. As such, it may bepossible for authentication to be performed by the detection devicewithout interaction with an AUC or HLR. The detection device may returnone or more messages to the MSC/VLR that indicates the result of theauthentication procedure. This authentication performed by the detectiondevice may involve using the encrypted Ki values (or some otherencryption values) associated with the temporary IMSI received as partof the authentication request. The detection device may receive one ormore location update messages from the MSC/CLR associated with thewireless device being activated.

At step 430, a temporary MSISDN may be selected from a pool of availableMSISDNs and assigned to the temporary IMSI of the wireless device. Assuch, the wireless device being activated is now associated with atemporary MSISDN. This temporary MSISDN may only be used duringactivation. As such, once the temporary MSISDN has been used duringactivation, the temporary MSISDN may be used for activation of anotherwireless device. At step, 435 an insert subscriber data message may betransmitted to the MSC/VLR. This message may identify various servicesthat the wireless device is capable of, such as receiving and/or sendingSMS messages, emergency services, placing and/or receiving phone calls,and/or web services. Following step 435, the wireless device may bepermitted to use the wireless network for the bearer services that wereidentified in the insert subscriber data message.

At step 440, a non-temporary IMSI and a non-temporary MSISDN may beassigned to the wireless device by the detection device. Thenon-temporary MSISDN may be selected from a pool of non-temporaryMSISDNs available for assignment. In some embodiments, a user of thewireless device may be permitted to select a non-temporary MSISDN fromthe pool. For example, referring to U.S. patent application Ser. No.12/197,396 identified in the cross reference section, method 700 of FIG.7 may be performed to permit a user of the wireless device to select anon-temporary MSISDN.

At step 445, the non-temporary IMSI may be provisioned into one or moreAUCs of the wireless network. Additionally, at step 445, thenon-temporary IMSI and the non-temporary MSISDN may be provisioned intoone or more home location registers. As such, in method 400, one or moreof the AUCs may be contacted once authentication of the wireless deviceand the temporary IMSI has been completed. In some embodiments, asdescribed in relation to method 500, authentication may be performedusing one or more AUCs.

Following step 445, a confirmation process may be conducted by thedetection device to ensure that the wireless device has been activatedproperly for use with the non-temporary IMSI and the non-temporaryMSISDN. This confirmation process may follow method 800 of FIG. 8.

FIG. 5 illustrates another embodiment of a method for activating awireless device. Method 500 may be performed using wireless network 210of FIG. 2. Method 500 may also be performed by some other wirelessnetwork that has, or is in communication with, a detection device, suchas detection device 240 of FIG. 2. Each step of method 500 may beperformed by a computer system, which may comprise one or morecomputers, such as computer system 900 of FIG. 9. The detection devicemay be part of the wireless network or may be in communication with thewireless network but operated by a third-party. Method 500 may representan alternate embodiment of method 400. Various means may be used toperform the steps of method 500, such as: a detection device, componentsof a wireless network, an activation system (which may or may not bepart of the wireless network), and/or other various computerized devicesmay be used.

In accordance with method 500, at step 505, a pool of IMSIs (or otherform of identifiers) is maintained, for example, at the activationsystem. The pool might, but need not, comprise consecutively-numberedIMSIs. Each of the IMSIs in this pool is known to the activation system,and they are designated by the activation system for use as temporaryIMSIs. (The activation system might also maintain another pool of IMSIsto be used as non-temporary IMSIs, as described in more detail below.)Maintaining a pool of IMSIs can comprise storing the IMSIs in a databaseaccessible to the activation system, keeping a record of the IMSIs,removing used IMSIs from the pool, adding IMSIs to the pool whennecessary, and/or the like.

The temporary IMSIs in the pool may be provided to SIM manufacturing atstep 510, which manufactures SIMs encoded with these temporary IMSIsand/or otherwise provides for each of the temporary IMSIs to be encodedand/or stored on a SIM. Each temporary IMSI is thereafter assigned to aSIM card for use in a wireless device at step 515, for example, byinstalling a SIM encoded with the temporary IMSI into the wirelessdevice and/or otherwise packaging the SIM with the wireless device. Inan aspect, providing the temporary IMSI to be encoded on a SIM, theactivation system reserves this temporary IMSI from the pool ofavailable IMSI numbers, so that it cannot be used again at least untilrecycled.

At step 520, the wireless network may be configured to accommodate theactivation process. One method of configuring the wireless network isdescribed in further detail below with respect to method 600 of FIG. 6.At step 525, a wireless device communicatively coupled with a SIM withone of the temporary IMSIs is detected by the wireless network. Forexample, this may occur when the wireless device enters a service areaof the wireless network or is turned on while within a service area ofthe wireless network.

At step 530, a detection device may receive an authentication request.This authentication request may be routed to the detection device by thewireless network. The authentication request may be in the form of a“send authentication information” message received from an MSC (and/orVLR) in communication with the wireless device. The authenticationrequest may result from the wireless device initially attempting toattach to a wireless network at step 525, such as wireless network 210of FIG. 2. The authentication request may be routed to the detectiondevice based on the temporary IMSI of the wireless device. All requestsfrom such temporary IMSIs may be routed by the wireless network to thedetection device. For example, a range of IMSIs designated as temporarymay be routed by the wireless network to the detection device. Theauthentication request may contain the IMSI of the wireless deviceattempting to attach to the wireless network.

At step 535, the IMSI received as part of the authentication request atstep 530 may be compared to a blacklist of IMSIs by the detectiondevice. Such a blacklist may list one or more IMSIs that are prohibitedfrom being activated for use on the wireless network. As an example,IMSIs of SIM cards that are known to be stolen may be listed on theblacklist. As such, stolen prepaid phones may be prevented from beingactivated for use on the wireless network. The creation and modificationof such a blacklist is described in more detail in reference to method700 of FIG. 7.

If the IMSI received as part of the authentication request matches anIMSI listed in the blacklist, method 500 may proceed to step 540. Atstep 540, authentication, and thus activation of the wireless device,may be blocked by the detection device. As such, the wireless device maynot be activated for one or more uses on the wireless network. Forexample, incoming and outgoing calls, text messages, and internet accessmay be blocked. Some services, such as emergency services, may beenabled. The detection device may return one or more messages to theMSC/VLR that indicates that authentication of the wireless deviceassociated with the IMSI is prohibited (such as “No AUC entry”). Thedetection device returning such messages to the MSC/VLR may not requireany interaction with an AUC and/or an HLR.

If the IMSI received as part of the authentication request does notmatch an IMSI listed in the blacklist, method 500 may proceed to step545. By the IMSI received as part of the authentication request at step530 not being present on the blacklist, it may be determined that theIMSI (and, thus, the associated wireless device) is eligible foractivation. While at step 530 the IMSI received as part of theauthentication request by the detection device is compared to ablacklist of IMSIs, it should be understood that a similar comparisonmay be conducted to a whitelist of IMSIs. In such a comparison,activation of the IMSI received as part of the authentication request atstep 530 may only be permitted if the received IMSI is affirmativelylisted on the whitelist. Activation may be blocked if the IMSI is notlisted on the whitelist.

While in method 400 activation was conducted between the detectiondevice and the MSC/VLR without interaction with an AUC and/or HLR, insome embodiments one or more AUCs may be used for authentication. Inmethod 500, AUCs are used for authentication. However, in someembodiments, method 500 may be performed with an authentication schemesimilar to method 400. At step 545, the detection device may requestprovisioning with one or more AUCs. This may involve one or more AUCentries being made for the temporary IMSI associated with the wirelessdevice in one or more AUCs. Before transmitting the authenticationinformation to an AUC, the detection device may wait for a responseindicating that provisioning has been completed.

At step 550, the authentication information may be transmitted to thefirst AUC that completes provisioning. For example, at step 545, theprovisioning request may have been transmitted to multiple AUCs.However, only one of these provisioning requests may need to becompleted successfully in order to continue with the method 500. Assuch, preference may be given to the first AUC to respond to theprovisioning request. As such, latency in completing the activationprocess may be decreased. At step 550, the fastest AUC to respond to theprovisioning request of step 545 may receive the authenticationinformation. Therefore, the AUC with the fastest response time to theprovisioning request may be selected to be used for authentication. Ifone or more of the AUCs has been pre-provisioned, step 550 may beperformed following step 535 by transmitting the authenticationinformation to multiple AUCs. At step 550, authentication may beperformed by comparing the Ki values from the SIM card against thosespecified by the SIM card manufacturer, which may already be stored inthe AUC. In some embodiments, the Ki values on the SIM card may betransmitted to multiple AUCs. As such, if one AUC responded to theprovisioning request faster, the authentication process can be completedsooner, thereby decreasing latency in activating the wireless device. Ifa timeout response is received from an AUC, the authenticationinformation may be sent to a different AUC.

At step 555, one or more location update messages may be received by thedetection device. These locations update messages may be received fromthe appropriate MSC/VLR and may have been routed to the detection devicebased on the temporary IMSI. An entry may be added to the VLR for thewireless device.

At step 560, a temporary MSISDN may be selected from a pool of availableMSISDNs and assigned to the temporary IMSI of the wireless device. Assuch, the wireless device being activated is now associated with atemporary MSISDN. This temporary MSISDN may be used only duringactivation. As such, once the temporary MSISDNs have been used duringactivation, the temporary MSISDN may be used for activation of anotherwireless device.

At step 565, an insert subscriber data message may be transmitted to theappropriate MSC/VLR servicing the wireless device. This message mayidentify various services that the wireless device is capable of, suchas receiving and/or sending SMS messages, emergency services, placingand/or receiving phone calls, and/or web services. Following step 565,the wireless device may be permitted to use the wireless network for thebearer services that were identified in the insert subscriber datamessage.

At step 570, a non-temporary IMSI and a non-temporary MSISDN may beassigned to the wireless device by the detection device. Thenon-temporary MSISDN and the non-temporary IMSI may be selected from apool of non-temporary MSISDNs and a pool of non-temporary IMSIs,respectively, available for assignment. In some embodiments, a user ofthe wireless device may be permitted to select a non-temporary MSISDN.For example, referring to U.S. patent application Ser. No. 12/197,396identified in the cross reference section, method 700 of FIG. 7 may beperformed to permit a user of the wireless device to select anon-temporary MSISDN.

At step 575, the non-temporary IMSI may be provisioned into one or moreAUCs of the wireless network. Additionally, at step 575, thenon-temporary IMSI and the non-temporary MSISDN may be provisioned intoone or more home location registers (HLRs). Following the wirelessdevice (more specifically, the SIM card of the wireless device) beingassigned a non-temporary IMSI and a non-temporary MSISDN, the temporaryIMSI and the temporary MSISDN previously used may be available foractivation by another wireless device. For example, the temporary IMSImay be reassigned into another pool of IMSIs that are to be provided toSIM manufacturing. The temporary MSISDN may be assigned to anotherwireless device for use during the activation process.

Following step 575, a confirmation process may be conducted by thedetection device to ensure that the wireless device has been activatedproperly for use with the non-temporary IMSI and the non-temporaryMSISDN. This confirmation process may follow method 800 of FIG. 8.

FIG. 6 illustrates an embodiment of a method 600 of configuring awireless network to support wireless device activation. Method 600 canbe implemented as part of method 400, method 500, or as part of somemethod for performing wireless device activation. Method 600 may beperformed using wireless network 210 of FIG. 2. Method 600 may also beperformed by some other wireless network that has, or is incommunication with, a detection device, such as detection device 240 ofFIG. 2. Each step of method 600 may be performed by a computer system,which may comprise one or more computers, such as computer system 900 ofFIG. 9. Means to perform method 600 may include one or more computerizeddevices, such as the components of the previously detailed systems.

The method 600 comprises providing a detection device at step 605.Providing a detection device might comprise installing the detectiondevice in a wireless provider's wireless network. Providing a detectiondevice might comprise configuring the detection device at step 610.Configuration of the detection device can include establishingcommunication between the detection device and other components in thewireless network, establishing communication between the detectiondevice and the activation system, and/or the like. In an aspect,configuring the detection device can also comprise storing in thedetection device a pool of temporary MSISDNs that can be used for theactivation process, and/or installing, on the detection device, code(e.g., hardware, firmware and/or software instructions) that implementsthe functionality described herein. Such a pool of temporary MSISDNs maybe stored within a database accessible by the detection device.

Method 600 may comprise configuring specific components of the wirelessnetwork to operate in accordance with embodiments of the invention.Specifically, in some cases, an MSC and/or VLR (and/or any othernecessary component within the wireless network) is configured to treatthe detection device as the HLR for any IMSI that falls within the poolmaintained by the activation system at step 615. Hence, when anunactivated wireless device (which has assigned a temporary IMSI)attempts to register with the network, the wireless network will routedata related to the wireless device to the detection device, as opposedto the conventional HLR (which, at that point will be unaware of thewireless device, since the wireless device has not been activated).

Configuration of the wireless network can also include configuration ofthe one or more authentication centers at step 620. Configuration of anauthentication center includes, in one aspect, populating theauthentication center with security keys for wireless devices identifiedby the temporary IMSIs (that is, creating records in the authenticationcenter that correlate temporary IMSIs with the shared secrets stored onthe SIMs encoded with those temporary IMSIs; these shared secrets thencan be used to generate the necessary security keys for the wirelessdevices, as described above). This process may be similar to theconfiguration of an authentication center under a traditional activationprocess, except that the temporary IMSI is used instead of anon-temporary IMSI. These configuration operations, in an embodiment,can be performed automatically (and/or based on user input) by theactivation system. In another embodiment, this configuration isperformed manually.

FIG. 7 illustrates an embodiment of a method 700 for modifying an IMSIblacklist. Method 700 may be performed in conjunction with wirelessnetwork 210 of FIG. 2. Method 700 may also be performed by some otherwireless network that has, or is in communication with, a detectiondevice, such as detection device 240 of FIG. 2. Each step of method 700may performed by such a detection device, which may comprise one or morecomputer systems, such as computer system 900 of FIG. 9. The detectiondevice may be part of the wireless network or may be in communicationwith the wireless network but operated by a third-party. Each step ofmethod 700 may be performed by a detection device. Various means forperforming method 700 include a detection device, which may include oneor more computer systems. Means to perform method 700 may include one ormore computerized devices, such as the components of the previouslydetailed systems.

At step 710, a command may be received from an administrator to add oneor more IMSIs to a blacklist. For example, at step 710 if one or morewireless devices and/or SIM cards were stolen, IMSIs associated withthose wireless devices and/or SIM cards may be blocked from havingaccess to a wireless network by being added to the blacklist. The IMSIsof the blacklist may be temporary IMSIs. At step 720, in response to thecommand received at step 710, the one or more IMSIs received from theadministrator may be added to the blacklist.

At step 730, one or more IMSIs may be added automatically to theblacklist without receiving a command directly from the administrator.For example, based on violation of one or more predetermined rules, anIMSI may automatically be added to the blacklist. At step 730, inaccordance with one or more rules, an IMSI may be added to theblacklist. As an example, if a wireless device that corresponds with anIMSI attempts to send a number of signaling messages over a predefinedthreshold number, it may be determined that this IMSI should be added tothe blacklist. Other rules may be possible for determining whether anIMSI should be added to the blacklist.

It may also be possible to manually remove IMSIs from the blacklist. Atstep 740, a command may be received from the administrator to remove oneor more IMSIs from the blacklist. At step 750, in response to thecommand received at step 740, the one or more IMSIs specified may beremoved from the blacklist.

While method 700 details the use of a blacklist, it should be understoodthat a whitelist may be used instead. In a whitelist, rather than addingIMSIs that are to be blocked to the list, IMSIs that are to be permittedto be activated may be added to the whitelist. As such, if an IMSI is tobe blocked from being activated, the IMSI may be removed from thewhitelist. Further, it should be understood that the steps of method 700may be performed in varying orders. For example, the administrator mayremove one or more IMSIs from the blacklist without adding other IMSIsto the blacklist first.

After a non-temporary IMSI and a non-temporary MSISDN have been assignedto a wireless device, data received from the wireless device may nolonger be routed to the detection device. This may be because thewireless network is configured to only route data related to temporaryIMSIs (e.g., a particular range of IMSIs) to the detection device.Accordingly, once the wireless device has been assigned thenon-temporary IMSI and the non-temporary MSISDN, the detection devicemay not be able to directly confirm whether the wireless device hassuccessfully attached to the wireless network using the non-temporaryIMSI (and the non-temporary MSISDN). As such, a method, such as method800 of FIG. 8, may be used to perform such a confirmation. FIG. 8illustrates an embodiment of a method for confirming that a wirelessdevice has been activated properly by attaching to the wireless networkusing the non-temporary IMSI. Method 800 may be performed using wirelessnetwork 210 of FIG. 2. Method 800 may also be performed by some otherwireless network that has, or is in communication with, a detectiondevice, such as detection device 240 of FIG. 2. Each step of method 800may be performed by one or more computer systems, such as computersystem 900 of FIG. 9. The detection device may be part of the wirelessnetwork or may be in communication with the wireless network butoperated by a third-party. Method 800 may be performed following method400 of FIG. 4, method 500 of FIG. 5, and/or some other method foractivating a wireless device. Each step of method 800 may be performedby a detection device, unless otherwise indicated. Means to performmethod 800 may include one or more computerized devices, such as thecomponents of the previously detailed systems.

At step 810, a message for delivery to the wireless device that is nowassociated with the non-temporary IMSI and non-temporary MSISDN may beregistered by the detection device. This message may be transmitted toand registered with an HLR. The message may be an SMS text message.Other forms of messages besides SMS may also be possible.

At step 820, the wireless device may update with the non-temporary IMSI.Updating with the non-temporary IMSI may involve the wireless deviceattempting to reattach to the wireless network using the non-temporaryIMSI. This may involve the wireless device being restarted and attachingto the wireless network in a conventional way using the non-temporaryIMSI. Since the non-temporary IMSI is being used to attach with thewireless network, the wireless network may not be configured to routedata related to the wireless device to the detection device.

At step 830, if the wireless device has successfully attached thewireless network using the non-temporary IMSI, a notification may bereceived by the detection device from the HLR that indicates thewireless device associated with the non-temporary IMSI and non-temporaryMSISDN is available to receive the SMS message (or, has received the SMSmessage). By receiving the indication that indicates the wireless deviceassociated with the non-temporary IMSI is available to receive the SMStext message, the detection device can infer that the wireless devicehas successfully attached with the wireless network using thenon-temporary IMSI (and non-temporary MSISDN). While method 800 relieson the use of an SMS text message, some other form of message beingregistered with the HLR for delivery to the wireless device may be usedin order to confirm that the wireless device has reattached to thewireless network properly with the new IMSI.

If the detection device does not receive confirmation that the wirelessdevice has successfully attached to the network using the non-temporaryIMSI, messages may be retransmitted to the AUC and/or the HLR to attemptto cure the error. Further, another SMS text message may be registeredwith the HLR for delivery to the wireless device now associated with thenon-temporary IMSI in another attempt to confirm that the wirelessdevice has attached properly using the non-temporary IMSI with thewireless network.

FIG. 9 illustrates an embodiment of a computer system. A computer systemas illustrated in FIG. 9 may be incorporated as part of the previouslydescribed computerized devices. For example, computer system 900 canrepresent some of the components of the wireless devices, MSCs, VLRs,BSCs, AUCs, detection devices, HLRs, and/or activation systems. Itshould be noted that FIG. 9 is meant only to provide a generalizedillustration of various components, any or all of which may be utilizedas appropriate. FIG. 9, therefore, broadly illustrates how individualsystem elements may be implemented in a relatively separated orrelatively more integrated manner.

The computer system 900 is shown comprising hardware elements that canbe electrically coupled via a bus 905 (or may otherwise be incommunication, as appropriate). The hardware elements may include one ormore processors 910, including without limitation one or moregeneral-purpose processors and/or one or more special-purpose processors(such as digital signal processing chips, graphics accelerationprocessors, and/or the like); one or more input devices 915, which caninclude without limitation a mouse, a keyboard and/or the like; and oneor more output devices 920, which can include without limitation adisplay device, a printer and/or the like.

The computer system 900 may further include (and/or be in communicationwith) one or more non-transitory storage devices 925, which cancomprise, without limitation, local and/or network accessible storage,and/or can include, without limitation, a disk drive, a drive array, anoptical storage device, solid-state storage device such as a randomaccess memory (“RAM”) and/or a read-only memory (“ROM”), which can beprogrammable, flash-updateable, and/or the like. Such storage devicesmay be configured to implement any appropriate data stores, includingwithout limitation, various file systems, database structures, and/orthe like.

The computer system 900 might also include a communications subsystem930, which can include without limitation a modem, a network card(wireless or wired), an infrared communication device, a wirelesscommunication device and/or chipset (such as a Bluetooth™ device, an802.11 device, a WiFi device, a WiMax device, cellular communicationfacilities, etc.), and/or the like. The communications subsystem 930 maypermit data to be exchanged with a network (such as the networkdescribed below, to name one example), other computer systems, and/orany other devices described herein. In many embodiments, the computersystem 900 will further comprise a working memory 935, which can includea RAM or ROM device, as described above.

The computer system 900 also can comprise software elements, shown asbeing currently located within the working memory 935, including anoperating system 940, device drivers, executable libraries, and/or othercode, such as one or more application programs 945, which may comprisecomputer programs provided by various embodiments, and/or may bedesigned to implement methods, and/or configure systems, provided byother embodiments, as described herein. Merely by way of example, one ormore procedures described with respect to the method(s) discussed abovemight be implemented as code and/or instructions executable by acomputer (and/or a processor within a computer); in an aspect, then,such code and/or instructions can be used to configure and/or adapt ageneral purpose computer (or other device) to perform one or moreoperations in accordance with the described methods.

A set of these instructions and/or code might be stored on anon-transitory computer-readable storage medium, such as the storagedevice(s) 925 described above. In some cases, the storage medium mightbe incorporated within a computer system, such as computer system 900.In other embodiments, the storage medium might be separate from acomputer system (e.g., a removable medium, such as a compact disc),and/or provided in an installation package, such that the storage mediumcan be used to program, configure and/or adapt a general purposecomputer with the instructions/code stored thereon. These instructionsmight take the form of executable code, which is executable by thecomputer system 900 and/or might take the form of source and/orinstallable code, which, upon compilation and/or installation on thecomputer system 900 (e.g., using any of a variety of generally availablecompilers, installation programs, compression/decompression utilities,etc.), then takes the form of executable code.

It will be apparent to those skilled in the art that substantialvariations may be made in accordance with specific requirements. Forexample, customized hardware might also be used, and/or particularelements might be implemented in hardware, software (including portablesoftware, such as applets, etc.), or both. Further, connection to othercomputing devices such as network input/output devices may be employed.

As mentioned above, in one aspect, some embodiments may employ acomputer system (such as the computer system 900) to perform methods inaccordance with various embodiments of the invention. According to a setof embodiments, some or all of the procedures of such methods areperformed by the computer system 900 in response to processor 910executing one or more sequences of one or more instructions (which mightbe incorporated into the operating system 940 and/or other code, such asan application program 945) contained in the working memory 935. Suchinstructions may be read into the working memory 935 from anothercomputer-readable medium, such as one or more of the storage device(s)925. Merely by way of example, execution of the sequences ofinstructions contained in the working memory 935 might cause theprocessor(s) 910 to perform one or more procedures of the methodsdescribed herein.

The terms “machine-readable medium” and “computer-readable medium,” asused herein, refer to any medium that participates in providing datathat causes a machine to operate in a specific fashion. In an embodimentimplemented using the computer system 900, various computer-readablemedia might be involved in providing instructions/code to processor(s)910 for execution and/or might be used to store and/or carry suchinstructions/code. In many implementations, a computer-readable mediumis a physical and/or tangible storage medium. Such a medium may take theform of a non-volatile media or volatile media. Non-volatile mediainclude, for example, optical and/or magnetic disks, such as the storagedevice(s) 925. Volatile media include, without limitation, dynamicmemory, such as the working memory 935.

Common forms of physical and/or tangible computer-readable mediainclude, for example, a floppy disk, a flexible disk, hard disk,magnetic tape, or any other magnetic medium, a CD-ROM, any other opticalmedium, punchcards, papertape, any other physical medium with patternsof holes, a RAM, a PROM, EPROM, a FLASH-EPROM, any other memory chip orcartridge, or any other medium from which a computer can readinstructions and/or code.

Various forms of computer-readable media may be involved in carrying oneor more sequences of one or more instructions to the processor(s) 910for execution. Merely by way of example, the instructions may initiallybe carried on a magnetic disk and/or optical disc of a remote computer.A remote computer might load the instructions into its dynamic memoryand send the instructions as signals over a transmission medium to bereceived and/or executed by the computer system 900.

The communications subsystem 930 (and/or components thereof) generallywill receive signals, and the bus 905 then might carry the signals(and/or the data, instructions, etc. carried by the signals) to theworking memory 935, from which the processor(s) 910 retrieves andexecutes the instructions. The instructions received by the workingmemory 935 may optionally be stored on a storage device 925 eitherbefore or after execution by the processor(s) 910.

The methods, systems, and devices discussed above are examples. Variousconfigurations may omit, substitute, or add various procedures orcomponents as appropriate. For instance, in alternative configurations,the methods may be performed in an order different from that described,and/or various stages may be added, omitted, and/or combined. Also,features described with respect to certain configurations may becombined in various other configurations. Different aspects and elementsof the configurations may be combined in a similar manner. Also,technology evolves and, thus, many of the elements are examples and donot limit the scope of the disclosure or claims.

Specific details are given in the description to provide a thoroughunderstanding of example configurations (including implementations).However, configurations may be practiced without these specific details.For example, well-known circuits, processes, algorithms, structures, andtechniques have been shown without unnecessary detail in order to avoidobscuring the configurations. This description provides exampleconfigurations only, and does not limit the scope, applicability, orconfigurations of the claims. Rather, the preceding description of theconfigurations will provide those skilled in the art with an enablingdescription for implementing described techniques. Various changes maybe made in the function and arrangement of elements without departingfrom the spirit or scope of the disclosure.

Also, configurations may be described as a process which is depicted asa flow diagram or block diagram. Although each may describe theoperations as a sequential process, many of the operations can beperformed in parallel or concurrently. In addition, the order of theoperations may be rearranged. A process may have additional steps notincluded in the figure. Furthermore, examples of the methods may beimplemented by hardware, software, firmware, middleware, microcode,hardware description languages, or any combination thereof. Whenimplemented in software, firmware, middleware, or microcode, the programcode or code segments to perform the necessary tasks may be stored in anon-transitory computer-readable medium such as a storage medium.Processors may perform the described tasks.

Having described several example configurations, various modifications,alternative constructions, and equivalents may be used without departingfrom the spirit of the disclosure. For example, the above elements maybe components of a larger system, wherein other rules may takeprecedence over or otherwise modify the application of the invention.Also, a number of steps may be undertaken before, during, or after theabove elements are considered. Accordingly, the above description doesnot bound the scope of the claims.

1. A method for activating a wireless device on a wireless network, themethod comprising: receiving an authentication request based on thewireless device attempting to attach to the wireless network, whereinthe authorization request specifies an international mobile subscriberidentity (IMSI); comparing the IMSI to a set of stored blocked IMSIs,wherein each IMSI of the set of stored blocked IMSIs is prohibited frombeing used to access the wireless network; in response to thecomparison, determining the wireless device that corresponds to the IMSIis permitted to be attached to the wireless network; and in response todetermining the wireless device is permitted to attach to the wirelessnetwork, causing authentication of the wireless device.
 2. The methodfor activating the wireless device on the wireless network of claim 1,further comprising: routing, by the wireless network, the authenticationrequest to a detection device based on the IMSI, wherein the detectiondevice is separate from an HLR of the wireless network.
 3. The methodfor activating the wireless device on the wireless network of claim 2,wherein causing authentication of the wireless device comprises:performing authentication of the wireless device by the detectiondevice, wherein such authentication does not require communication withan authentication center of the wireless network; and transmitting anauthentication response comprising security information to a mobileswitching center of the wireless network, wherein the mobile switchingcenter services the wireless device.
 4. The method for activating thewireless device on the wireless network of claim 1, further comprising:identifying a second IMSI corresponding to a second wireless device thathas violated at least a rule of a set of rules; and in response toidentifying the second IMSI corresponding to the second wireless devicethat has violated at least the rule of the set of rules, adding thesecond IMSI to the set of stored blocked IMSIs.
 5. The method foractivating the wireless device on the wireless network of claim 4,wherein the rule defines a limit on a number of signaling messagespermissible to be received from wireless devices.
 6. The method foractivating the wireless device on the wireless network of claim 1,further comprising: receiving a command from an administrator, to add asecond IMSI to the set of stored blocked IMSIs; and in response toreceiving the command, adding the second IMSI to the set of storedblocked IMSIs.
 7. The method for activating the wireless device on thewireless network of claim 1, further comprising: transmittingprovisioning information corresponding to the wireless device to aplurality of AUCs of the wireless network; and receiving a response fromat least one of the plurality of AUCs.
 8. The method for activating thewireless device on the wireless network of claim 7, wherein causingauthentication of the wireless device comprises: selecting an AUC fromthe plurality of AUCs of the wireless network to receive authenticationinformation corresponding to the wireless device based on a responsetime of the response of the AUC to the transmitted provisioninginformation; and transmitting the authentication informationcorresponding to the wireless device to the selected AUC.
 9. The methodfor activating the wireless device on the wireless network of claim 1,further comprising: assigning a temporary mobile subscriber integratedservices digital network number (MSISDN) to the wireless device thatcorresponds to the IMSI, wherein the IMSI is a temporary IMSI.
 10. Themethod for activating the wireless device on the wireless network ofclaim 1, further comprising: assigning a non-temporary MSISDN and anon-temporary IMSI to the wireless device; after assigning thenon-temporary MSISDN and the non-temporary IMSI to the wireless device,transmitting a first message to a home location register (HLR) of thewireless network, wherein: the first message is for delivery to thewireless device; and receiving a message from the HLR indicating thatthe wireless device is available to receive the message.
 11. A detectiondevice for activating a wireless device on a wireless network, thedetection device comprising: a processor; and a memory communicativelycoupled with and readable by the processor and having stored thereinprocessor-readable instructions which, when executed by the processor,cause the processor to: receive a request from the wireless network forauthentication of the wireless device, wherein: the request specifies aninternational mobile subscriber identity (IMSI) corresponding to thewireless device; compare the IMSI to a set of stored blocked IMSIs,wherein each IMSI of the set of stored blocked IMSIs is prohibited frombeing used to access the wireless network; in response to thecomparison, determine the wireless device that corresponds to the IMSIis permitted to be attached to the wireless network; and in response todetermining the wireless device is permitted to attach to the wirelessnetwork, cause the wireless device to be authenticated.
 12. Thedetection device for activating the wireless device on the wirelessnetwork of claim 11, wherein the processor-readable instructions forcausing the wireless device to be authenticated comprisesprocessor-readable instructions configured to cause the processor to:perform authentication of the wireless device; and cause anauthentication response comprising security information to betransmitted to a mobile switching center of the wireless network. 13.The detection device for activating the wireless device on the wirelessnetwork of claim 11, wherein the processor-readable instructions forcausing the wireless device to be authenticated comprisesprocessor-readable instructions configured to cause provisioninginformation corresponding to the wireless device to be transmitted to aplurality of AUCs of the wireless network.
 14. The detection device foractivating the wireless device on the wireless network of claim 13,wherein the processor-readable instructions for causing the wirelessdevice to be authenticated comprises processor-readable instructionsconfigured to: select an AUC from the plurality of AUCs of the wirelessnetwork to receive authentication information corresponding to thewireless device based on a response time of the AUC to the transmittedprovisioning information; and cause the authentication informationcorresponding to the wireless device to be transmitted to the selectedAUC.
 15. The detection device for activating the wireless device on thewireless network of claim 11, wherein the processor-readableinstructions further comprise processor-readable instructions which,when executed by the processor, cause the processor to: identify asecond IMSI corresponding to a second wireless device that has violatedat least a rule of a set of rules; and in response to identifying thesecond IMSI corresponding to the second wireless device that hasviolated at least the rule of the set of rules, add the second IMSI tothe set of stored blocked IMSIs enforced by the detection device. 16.The detection device for activating the wireless device on the wirelessnetwork of claim 11, wherein the processor-readable instructions furthercomprise processor-readable instructions which, when executed by theprocessor, cause the processor to: assign a non-temporary MSISDN and anon-temporary IMSI to the wireless device; after assigning thenon-temporary MSISDN and the non-temporary IMSI to the wireless device,cause a first message to be transmitted to a home location register(HLR) of the wireless network, wherein: the first message is fordelivery to the wireless device; and process a message received from theHLR indicating that the wireless device is available to receive themessage.
 17. The detection device for activating the wireless device onthe wireless network of claim 11, wherein the IMSI received in therequest is a temporary IMSI.
 18. A detection apparatus for activating awireless device on a wireless network, the detection apparatuscomprising: means for receiving a request from the wireless network forauthentication of the wireless device, wherein the request specifies aninternational mobile subscriber identity (IMSI) corresponding to thewireless device; means for comparing the IMSI to a set of stored blockedIMSIs, wherein each IMSI of the set of stored blocked IMSIs isprohibited from being used to access the wireless network; means fordetermining, in response to the comparison, the wireless device thatcorresponds to the IMSI is permitted to be attached to the wirelessnetwork; and means for causing the wireless device to be authenticatedin response to determining the wireless device is permitted to attach tothe wireless network.
 19. The detection apparatus for activating thewireless device on the wireless network of claim 18, the detectionapparatus further comprising: means for assigning a non-temporary IMSIto the wireless device, wherein the IMSI of the request is a temporaryIMSI; means for transmitting a first message to a home location register(HLR) of the wireless network after assigning the non-temporary IMSI tothe wireless device, wherein the first message is for delivery to thewireless device; means for receiving a message from the HLR indicatingthat the wireless device is available to receive the message.
 20. Thedetection apparatus for activating the wireless device on the wirelessnetwork of claim 18, the detection apparatus further comprising: meansfor transmitting provisioning information corresponding to the wirelessdevice to a plurality of AUCs of the wireless network; and means forreceiving a response from at least one of the plurality of AUCs, whereinthe means for causing authentication of the wireless device comprises:means for selecting an AUC from the plurality of AUCs of the wirelessnetwork to receive authentication information corresponding to thewireless device based on the response of the AUC to the transmittedprovisioning information; and means for transmitting the authenticationinformation corresponding to the wireless device to the selected AUC.